<?php 
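// Start the session and buffer output so the header() calls and redirects
// further down can still be sent after includes have run.
session_start();
ob_start();

// Remember the page title passed in the query string for the session.
// $_GET['title'] is client-controlled: check that it exists (the original read
// it unconditionally and raised an undefined-index notice when absent) and
// accept only a non-empty string, so array input such as ?title[]=x is not
// stored in the session.
// NOTE(review): the stored value is still untrusted text; any page that prints
// $_SESSION['session_active_page'] must HTML-escape it at output time.
if (!empty($_GET['title']) && is_string($_GET['title'])) {
	$_SESSION['session_active_page'] = $_GET['title'];
}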

?>
<?php
// Anti-caching headers: this page handles credentials, so neither the browser
// nor an intermediate cache should keep a copy of the response.
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); // fixed date in the past
header(sprintf('Last-Modified: %s GMT', gmdate('D, d M Y H:i:s'))); // "modified just now"
// HTTP/1.1 directives. The second call passes replace=false so it is sent as
// an additional Cache-Control header instead of overwriting the first one.
header('Cache-Control: private, no-store, no-cache, must-revalidate', true);
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache'); // HTTP/1.0 fallback
?>
<?php include ("ewconfig.php") ?>
<?php include ("db.php") ?>
<?php include ("userinfo.php") ?>
<?php include ("advsecu.php") ?>
<?php include ("phpmkrfn.php") ?>
<?php
// Authentication gate: anonymous visitors are sent to the login page.
if (!IsLoggedIn()) {
	// Drop anything already buffered so no part of this page leaks out
	// alongside the redirect.
	ob_end_clean();
	header('Location: login.php');
	// Stop here; without this the password-change handler below would still
	// run for an unauthenticated request.
	exit;
}
?>
<?php
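// Change-password handler for the logged-in user.
//
// Outcome flags read by the template further down:
//   $bValidPwd   - false when a submitted change was rejected
//   $bPwdUpdated - true once the new hash has been written
//
// Hardening compared with the generated code:
//   * the UPDATE now escapes the username the same way the SELECT filter does;
//   * query failures are logged server-side instead of echoing the driver
//     error and the full SQL text (which includes the password hash) to the
//     browser;
//   * hash comparison is strict, so PHP's loose "==" string rules cannot treat
//     two different hashes as equal;
//   * the new password is validated on the server (non-empty, string, equal to
//     the confirmation) rather than relying on the JavaScript check;
//   * the cleartext password is no longer written into the notification mail.
if (@$_POST["submit"] <> "") {
	$bValidPwd = false;
	$bPwdUpdated = false;
	$sEmail = "";

	// Setup variables
	$sUsername = CurrentUserName();

	// Accept plain string fields only; a missing or array-valued field is
	// treated as empty.
	$sOldRaw = (isset($_POST["opwd"]) && is_string($_POST["opwd"])) ? $_POST["opwd"] : "";
	$sNewRaw = (isset($_POST["npwd"]) && is_string($_POST["npwd"])) ? $_POST["npwd"] : "";
	$sConfirmRaw = (isset($_POST["cpwd"]) && is_string($_POST["cpwd"])) ? $_POST["cpwd"] : "";

	// Compare the submitted values directly instead of their hashes, and
	// refuse an empty new password. A rejected request leaves $bValidPwd
	// false, which is the only failure state the template knows about.
	if ($sNewRaw !== "" && $sNewRaw === $sConfirmRaw) {
		$sOPwd = generateHash($sOldRaw);
		$sNPwd = generateHash($sNewRaw);

		$conn = phpmkr_db_connect(HOST, USER, PASS, DB, PORT);
		$sFilter = "(`username` = '" . AdjustSql($sUsername) . "')";
		$sSql = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, $sFilter, "");
		$rs = phpmkr_query($sSql, $conn);
		if (!$rs) {
			// Keep the diagnostic detail in the server log only.
			error_log("changepwd.php: user lookup failed at line " . __LINE__ . ": " . phpmkr_error($conn));
			die("Failed to execute query");
		}
		if (phpmkr_num_rows($rs) > 0) {
			$row = phpmkr_fetch_array($rs);

			// The current password must match before anything is changed.
			if ((string)$sOPwd === (string)$row["password"]) {
				// NOTE(review): still string-built SQL. The username goes
				// through AdjustSql() like the filter above; the hash is
				// concatenated as before - assumes generateHash() output has
				// no quote characters, TODO confirm. Prefer a parameterized
				// statement if the phpmkr_* layer offers one.
				$sSql = "UPDATE `user`";
				$sSql .= " SET `password` = '" . $sNPwd . "'";
				$sSql .= " WHERE `username` = '" . AdjustSql($sUsername) . "'";
				if (!phpmkr_query($sSql, $conn)) {
					// The statement text is deliberately not logged: it
					// contains the new password hash.
					error_log("changepwd.php: password update failed at line " . __LINE__ . ": " . phpmkr_error($conn));
					die("Failed to execute query");
				}
				$sEmail = $row["email"];
				$bValidPwd = true;
				$bPwdUpdated = true;
			}
		}
		phpmkr_free_result($rs);
		phpmkr_db_close($conn);
	}
	if ($bPwdUpdated) {
		if ($sEmail <> "") {

			// Load email content
			// presumably LoadEmail() fills the $sEmail* variables used below
			// from the template file - verify against phpmkrfn.php
			LoadEmail("changepwd.txt");
			$sEmailFrom = str_replace("<!--\$From-->", "webmaster@sip.developer",$sEmailFrom); // Replace Sender
			$sEmailTo = str_replace("<!--\$To-->", $sEmail, $sEmailTo); // Replace Receiver

			// Mail is not a confidential channel, so the new password is
			// masked rather than sent in clear text. The wording around the
			// placeholder in changepwd.txt should be adjusted to match.
			$sEmailContent = str_replace("<!--\$Password-->", "********", $sEmailContent);

			// Send email
			Send_Email($sEmailFrom, $sEmailTo, $sEmailCc, $sEmailBcc, $sEmailSubject, $sEmailContent, $sEmailFormat);
		}
		$_SESSION[ewSessionMessage] = "Password Berhasil Dirubah";
		// Redirect after a successful POST so a reload does not resubmit it.
		header("Location: changepwd.php");
		exit();
	}
} else {
	// Plain page view: nothing was submitted, so there is no error to show.
	$bValidPwd = true;
}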
?>
<?php include ("header.php") ?>
<script type="text/javascript" src="ewp.js"></script>
<script type="text/javascript">
<!-- start JavaScript
/**
 * onSubmit validator for the change-password form.
 *
 * Checks, in order: old password present, new password present, new password
 * equal to its confirmation. For each failed check EW_onError() is called with
 * the offending field and message; submission is blocked (false) as soon as
 * EW_onError() returns a falsy value. Returns true when nothing blocked it.
 *
 * This runs in the browser only and can be bypassed, so it is a usability aid;
 * the server-side handler has to enforce the same rules itself.
 */
function EW_checkMyForm(EW_this) {
	var oldMissing = !EW_hasValue(EW_this.opwd, "TEXT");
	if (oldMissing && !EW_onError(EW_this, EW_this.opwd, "TEXT", "Masukkan password")) {
		return false;
	}

	var newMissing = !EW_hasValue(EW_this.npwd, "TEXT");
	if (newMissing && !EW_onError(EW_this, EW_this.npwd, "TEXT", "Masukkan password")) {
		return false;
	}

	var mismatch = EW_this.npwd.value != EW_this.cpwd.value;
	if (mismatch && !EW_onError(EW_this, EW_this.cpwd, "TEXT", "Password Tidak Sama antara 'Password Baru' dengan 'Konfirmasi Password Baru' !!!")) {
		return false;
	}

	return true;
}

// end JavaScript -->
</script>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td class="admin_td_title">
		<table width="100%" border="0" cellspacing="0" cellpadding="0">
		  <tr>
			<td class="admin_title">Rubah Password&nbsp;</td>
		   </tr>
		 </table>
 	</td>
  </tr>
</table>
<br />
<?php
// One-shot status message: show it once, then clear it from the session.
if (@$_SESSION[ewSessionMessage] <> "") {
	// NOTE(review): the message is written to the page without HTML escaping.
	// That is safe only while every writer of this session key stores fixed,
	// server-chosen text; confirm no other page puts request data in it.
	echo '<p><span class="ewmsg">', $_SESSION[ewSessionMessage], "</span></p>\n";
	$_SESSION[ewSessionMessage] = ""; // Clear message
}
?>
<?php /* $bValidPwd is false only when a submitted change was rejected */ if (!$bValidPwd): ?>
<p><span class="phpmaker" style="color: Red;">Password Lama Salah</span></p>
<?php endif; ?>
<form action="changepwd.php" method="post" onSubmit="return EW_checkMyForm(this);">
<table border="0" cellspacing="0" cellpadding="4">
	<tr>
		<td><span class="phpmaker">Password Lama</span></td>
		<td><span class="phpmaker"><input type="password" name="opwd" size="20"></span></td>
	</tr>
	<tr>
		<td><span class="phpmaker">Password Baru</span></td>
		<td><span class="phpmaker"><input type="password" name="npwd" size="20"></span></td>
	</tr>
	<tr>
		<td><span class="phpmaker">Konfirmasi Password Baru</span></td>
		<td><span class="phpmaker"><input type="password" name="cpwd" size="20"></span></td>
	</tr>
	<tr>
		<td>&nbsp;</td>
		<td><span class="phpmaker"><input type="submit" name="submit" value="Simpan"></span></td>
	</tr>
</table>
</form>
<br>
<?php include ("footer.php") ?>
